Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.0
CVE Id CVE-2008-3963
Last Modified 22 Jan 2013 11:01:30
Published 10 Sep 2008 09:13:47
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-3963

Summary

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.

Vulnerable Systems

Application

  • Mysql 5.0

  • Mysql 5.0.0

  • Mysql 5.0.0.0

  • Mysql 5.0.1

  • Mysql 5.0.10

  • Mysql 5.0.10a

  • Mysql 5.0.11

  • Mysql 5.0.12

  • Mysql 5.0.13

  • Mysql 5.0.14

  • Mysql 5.0.15

  • Mysql 5.0.15a

  • Mysql 5.0.16

  • Mysql 5.0.16a

  • Mysql 5.0.17

  • Mysql 5.0.17a

  • Mysql 5.0.18

  • Mysql 5.0.19

  • Mysql 5.0.1a

  • Mysql 5.0.2

  • Mysql 5.0.20

  • Mysql 5.0.20a

  • Mysql 5.0.21

  • Mysql 5.0.22

  • Mysql 5.0.22.1.0.1

  • Mysql 5.0.23

  • Mysql 5.0.24

  • Mysql 5.0.24a

  • Mysql 5.0.25

  • Mysql 5.0.26

  • Mysql 5.0.27

  • Mysql 5.0.3

  • Mysql 5.0.30

  • Mysql 5.0.32

  • Mysql 5.0.33

  • Mysql 5.0.36

  • Mysql 5.0.37

  • Mysql 5.0.38

  • Mysql 5.0.3a

  • Mysql 5.0.4

  • Mysql 5.0.41

  • Mysql 5.0.42

  • Mysql 5.0.44

  • Mysql 5.0.45

  • Mysql 5.0.4a

  • Mysql 5.0.5

  • Mysql 5.0.5.0.21

  • Mysql 5.0.50

  • Mysql 5.0.51

  • Mysql 5.0.51a

  • Mysql 5.0.51b

  • Mysql 5.0.52

  • Mysql 5.0.54

  • Mysql 5.0.56

  • Mysql 5.0.6

  • Mysql 5.0.60

  • Mysql 5.1

  • Mysql 5.1.1

  • Mysql 5.1.10

  • Mysql 5.1.11

  • Mysql 5.1.12

  • Mysql 5.1.13

  • Mysql 5.1.14

  • Mysql 5.1.15

  • Mysql 5.1.16

  • Mysql 5.1.17

  • Mysql 5.1.18

  • Mysql 5.1.19

  • Mysql 5.1.2

  • Mysql 5.1.20

  • Mysql 5.1.21

  • Mysql 5.1.22

  • Mysql 5.1.23

  • Mysql 5.1.23 Bk

  • Mysql 5.1.23a

  • Mysql 5.1.3

  • Mysql 5.1.4

  • Mysql 5.1.5

  • Mysql 5.1.5a

  • Mysql 5.1.6

  • Mysql 5.1.7

  • Mysql 5.1.8

  • Mysql 5.1.9

  • Mysql 6.0.0

  • Mysql 6.0.1

  • Mysql 6.0.2

  • Mysql 6.0.3

  • Mysql 6.0.4


References

DEBIAN - DSA-1783

CONFIRM - https://bugs.gentoo.org/237166

XF - mysql-bitstring-dos(45042)

VUPEN - ADV-2008-2554

SECTRACK - 1020858

REDHAT - RHSA-2009:1067

MLIST - [oss-security] 20080909 Re: CVE request: MySQL empty bit-string literal server crash

MLIST - [oss-security] 20080909 CVE request: MySQL empty bit-string literal server crash

MANDRIVA - MDVSA-2009:094

SECUNIA - 34907

SECUNIA - 32759

SECUNIA - 31769

SUSE - SUSE-SR:2008:025

CONFIRM - http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html

CONFIRM - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html

CONFIRM - http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html

CONFIRM - http://bugs.mysql.com/bug.php?id=35658

UBUNTU - USN-671-1

SECUNIA - 32769

REDHAT - RHSA-2009:1289

SECUNIA - 36566

Related Patches

Novell SUSE 2008:5618 mysql security update for SLE 10 i586


Last Updated: 27 May 2016 11:01:21